yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-27 01:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
3,550 Commits 88 Branches 205 Tags 69 MiB
dad1ad739d
Commit Graph

2036 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
ae31914990 Rename ssl_legacy_renegotiation() to ssl_set_... 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
662c6e8cdd Disable truncated HMAC by default 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
1028b74cff Upgrade default DHM params size 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
8836994f6b Move WANT_READ/WANT_WRITE codes to SSL 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
1b511f93c6 Rename ssl_set_bio_timeout() to set_bio() 
Initially thought it was best to keep the old function around and add a new
one, but this so many ssl_set_xxx() functions are changing anyway...
 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
97fd52c529 Split ssl_set_read_timeout() out of bio_timeout() 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
bc2b771af4 Move ssl_set_ca_chain() to work on config 2015-05-11 12:33:26 +02:00
Manuel Pégourié-Gonnard
ba26c24769 Change how hostname is stored internally 2015-05-07 10:19:14 +01:00
Manuel Pégourié-Gonnard
2b49445876 Move session ticket keys to conf 
This is temporary, they will soon be replaced by callbacks.
!!! In this intermediate step security is removed !!!
 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
684b0592cb Move ssl_set_fallback() to work on conf 
Initially thought it would be per-connection, but since max_version is in conf
too, and you need to lower that for a fallback connection, the fallback flag
should be in the same place
 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
6bf89d6ad9 Move ssl_set_max_fragment_len to work on conf 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
17eab2b65c Move set_cbc_record_splitting() to conf 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d36e33fc07 Move easy ssl_set_xxx() functions to work on conf 
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
419d5ae419 Make endpoint+transport args of config_defaults() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
def0bbe3ab Allocate ssl_config out of ssl_setup() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
cd523e2a5e Introduce mbedtls_ssl_config_{init,defaults,free}() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
7ca4e4dc79 Move things to conf substructure 
A simple series of sed invocations.

This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
9f145de4dc Fix merge issue from 1.3 branch 2015-05-04 15:03:50 +02:00
Manuel Pégourié-Gonnard
e36d56419e Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  fix bug in ssl_mail_client
  Adapt compat.sh to GnuTLS 3.4
  Fix undefined behaviour in x509

Conflicts:
	programs/ssl/ssl_mail_client.c
	tests/compat.sh
 2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
159c524df8 Fix undefined behaviour in x509 2015-04-30 11:21:18 +02:00
Manuel Pégourié-Gonnard
da61ed3346 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
 2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
7d1e95c991 Add countermeasure against cache-based lucky 13 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
d97828e7af Fix detection of getrandom() 2015-04-29 14:28:48 +02:00
Manuel Pégourié-Gonnard
8a81e84638 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Add countermeasure against cache-based lucky 13

Conflicts:
	library/ssl_tls.c
 2015-04-29 02:13:42 +02:00
Manuel Pégourié-Gonnard
1e2eae02cb Adapt pthread implementation to recent changes 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
eab147c4d0 Rename pkcs11_xxx_init() to bind() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
69a69cc5ae memory_buffer_alloc_init() now returns void 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
41d479e7df Split ssl_init() -> ssl_setup() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
47fede0d6d Add countermeasure against cache-based lucky 13 2015-04-29 01:35:48 +02:00
Manuel Pégourié-Gonnard
8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
bdd7828ca0 Always check return status of mutex_(un)lock() 2015-04-24 14:43:24 +02:00
Manuel Pégourié-Gonnard
331ba5778a Fix some additional renaming issues 2015-04-20 12:33:57 +01:00
Manuel Pégourié-Gonnard
e6028c93f5 Fix some X509 macro names 
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
 2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
e6efa6f54e manually merge 9f98251 make extKeyUsage accessible 2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard
b5f48ad82f manually merge 39a183a add x509_crt_verify_info() 2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard
144bc224e9 Merge branch 'mbedtls-1.3' into development 
* commit 'a2fce21':
  Fix potential NULL dereference on bad usage

Conflicts:
	library/ssl_tls.c
 2015-04-17 20:39:07 +02:00
Manuel Pégourié-Gonnard
53c76c07de Merge branch 'mbedtls-1.3' into development 
* commit 'ce60fbe':
  Fix potential timing difference with RSA PMS
  Update Changelog for recent merge
  Added more constant-time code and removed biases in the prime number generation routines.

Conflicts:
	library/bignum.c
	library/ssl_srv.c
 2015-04-17 20:19:32 +02:00
Manuel Pégourié-Gonnard
de9b363fbd Merge branch mbedtls-1.3 into development 
* commit '95f0089':
  Update Changelog for DH params
  Add test case for dh params with privateValueLength
  accept PKCS#3 DH parameters with privateValueLength included

Conflicts:
	library/dhm.c
 2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard
9f98251e72 Make results of (ext)KeyUsage accessible 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
a2fce21ae5 Fix potential NULL dereference on bad usage 2015-04-15 21:04:19 +02:00
Manuel Pégourié-Gonnard
ce60fbeb30 Fix potential timing difference with RSA PMS 2015-04-15 16:56:28 +02:00
Manuel Pégourié-Gonnard
aac657a1d3 Merge remote-tracking branch 'pj/development' into mbedtls-1.3 
* pj/development:
  Added more constant-time code and removed biases in the prime number generation routines.
 2015-04-15 14:12:59 +02:00
Daniel Kahn Gillmor
2ed81733a6 accept PKCS#3 DH parameters with privateValueLength included 
library/dhm.c: accept (and ignore) optional privateValueLength for
PKCS#3 DH parameters.

PKCS#3 defines the ASN.1 encoding of a DH parameter set like this:

----------------
DHParameter ::= SEQUENCE {
  prime INTEGER, -- p
  base INTEGER, -- g
  privateValueLength INTEGER OPTIONAL }

The fields of type DHParameter have the following meanings:

     o    prime is the prime p.

     o    base is the base g.

     o    privateValueLength is the optional private-value
          length l.
----------------

See: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-3.asc

This optional parameter was added in PKCS#3 version 1.4, released
November 1, 1993.

dhm.c currently doesn't cope well with PKCS#3 files that have this
optional final parameter included. i see errors like:

------------
dhm_parse_dhmfile returned -0x33E6

Last error was: -0x33E6 - DHM - The ASN.1 data is not formatted correctly : ASN1 - Actual length differs from expected lengt
------------

You can generate PKCS#3 files with this final parameter with recent
versions of certtool from GnuTLS:

 certtool --generate-dh-params > dh.pem
 2015-04-15 13:27:13 +02:00
Manuel Pégourié-Gonnard
862d503c01 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix typos in Changelog
  Fix macro name from wrong branch
  Fix bug in pk_parse_key()
  Fixed typos
  Updated Travis CI config for mbedtls project

Conflicts:
	include/mbedtls/ecp.h
	include/polarssl/compat-1.2.h
	include/polarssl/openssl.h
	include/polarssl/platform.h
	library/pkparse.c
	programs/pkey/mpi_demo.c
 2015-04-15 11:30:46 +02:00
Manuel Pégourié-Gonnard
e6c8366b46 Fix bug in pk_parse_key() 2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e1e5871a55 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix bug in pk_parse_key()
  Update generated file

Conflicts:
	library/pkparse.c
	library/version_features.c
 2015-04-15 10:50:34 +02:00
Manuel Pégourié-Gonnard
924cd100a6 Fix bug in pk_parse_key() 2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard
975d5fa206 Remove option HAVE_LONGLONG 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
7b53889f05 Remove support for HAVE_INT8 and HAVE_INT16 2015-04-10 11:34:22 +02:00
Manuel Pégourié-Gonnard
b31424c86a Make HAVE_IPV6 non-optional 2015-04-09 16:42:38 +02:00
Manuel Pégourié-Gonnard
dbd60f72b1 Update generated file 2015-04-09 16:35:54 +02:00
Manuel Pégourié-Gonnard
8408a94969 Remove MBEDTLS_ from internal macros 2015-04-09 13:52:55 +02:00
Manuel Pégourié-Gonnard
e546ad4afd Fix comment generated by generate_errors.pl 2015-04-08 20:27:02 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming 
A simple execution of tmp/invoke-rename.pl
 2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
df791a51f6 Simplify net_htonx() 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
932e3934bd Fix typos & Co 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
62edcc8176 Document POLARSSL_CAMELLIA_SMALL_MEMORY 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
07ec1ddd10 Fix bug with ssl_set_curves() check on client 2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard
a5cc2aa769 Fix bug in POLARSSL_PLATFORM_STD_EXIT support 2015-04-03 18:17:37 +02:00
Manuel Pégourié-Gonnard
29f777ef54 Fix bug with ssl_set_curves() check on client 2015-04-03 17:57:59 +02:00
Manuel Pégourié-Gonnard
32a7fe3fec Fix bug in POLARSSL_PLATFORM_STD_EXIT support 2015-04-03 17:56:30 +02:00
Manuel Pégourié-Gonnard
998930ae0d Replace non-ascii characters in source files 2015-04-03 13:48:06 +02:00
Manuel Pégourié-Gonnard
eadda3f3ad Add missing #ifdef in ecdsa.c 2015-04-03 13:15:34 +02:00
Manuel Pégourié-Gonnard
2bc16df2f4 Update generated file 2015-04-03 13:04:56 +02:00
Manuel Pégourié-Gonnard
f1d2f7c456 Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Fix bug in Via Padlock support
  Fix portability issue in Makefile
 2015-04-02 12:44:00 +01:00
Manuel Pégourié-Gonnard
cf201201e6 Fix bug in Via Padlock support 2015-04-02 10:53:59 +01:00
Manuel Pégourié-Gonnard
427b672551 Add XXX_PROCESS_ALT mecchanism 2015-03-31 18:32:50 +02:00
Manuel Pégourié-Gonnard
26c9f90cae Merge branch 'mbedtls-1.3' into development 
* mbedtls-1.3:
  Add missing depends in x509 programs
  Simplify ifdef checks in programs/x509
  Fix thread safety issue in RSA operations
  Add test certificate for bitstring in DN
  Add support for X.520 uniqueIdentifier
  Accept bitstrings in X.509 names
 2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
8c8be1ebbb Change default min TLS version to TLS 1.0 2015-03-31 14:22:30 +02:00
Manuel Pégourié-Gonnard
d16df8f60a Cleanup unused bit in ssl 
Became unused when removing deprecated ssl_set_own_cert_xxx() functions
 2015-03-31 14:04:51 +02:00
Manuel Pégourié-Gonnard
348bcb3694 Make RSA_ALT support optionnal 2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard
8fce937a1a Simplify ecdsa_context 2015-03-31 13:06:41 +02:00
Manuel Pégourié-Gonnard
49ce6f0973 Fix constness of asn1_write_mpi() 2015-03-31 13:05:39 +02:00
Manuel Pégourié-Gonnard
dfdcac9d51 Merge ecdsa_write_signature{,_det}() together 2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard
63e931902b Make a helpful constant public 2015-03-31 11:15:48 +02:00
Manuel Pégourié-Gonnard
b8cfe3f0d9 pk_sign() now requires non-NONE md_alg for ECDSA 2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard
fa44f20b9f Change authmode default to Required on client 2015-03-27 17:52:25 +01:00
Manuel Pégourié-Gonnard
1d0ca1a336 Move key_usage to more that 8 bits 2015-03-27 16:50:00 +01:00
Manuel Pégourié-Gonnard
1022fed36e Remove redundant sig_oid2 in x509 structures 2015-03-27 16:34:42 +01:00
Manuel Pégourié-Gonnard
a252af760f Minor source simplification 2015-03-27 16:15:55 +01:00
Manuel Pégourié-Gonnard
88fca3ef0e Fix thread safety issue in RSA operations 
The race was due to mpi_exp_mod storing a Montgomery coefficient in the
context (RM, RP, RQ).

The fix was verified with -fsanitize-thread using ssl_pthread_server and two
concurrent clients.

A more fine-grained fix should be possible, locking just enough time to check
if those values are OK and set them if not, rather than locking for the whole
mpi_exp_mod() operation, but it will be for later.
 2015-03-27 15:12:05 +01:00
Manuel Pégourié-Gonnard
9409e0cea2 Add support for X.520 uniqueIdentifier 2015-03-27 13:03:54 +01:00
Manuel Pégourié-Gonnard
dd5dbcae90 Accept bitstrings in X.509 names 2015-03-27 13:03:09 +01:00
Manuel Pégourié-Gonnard
957b1ee96e Fix per-C99 initializer issues 2015-03-27 11:56:40 +01:00
Manuel Pégourié-Gonnard
a958d69a70 Rename test_ca_list to test_cas_pem 2015-03-27 10:29:25 +01:00
Manuel Pégourié-Gonnard
2f165060f0 Start introducing test_cas NULL-terminated list 2015-03-27 10:20:26 +01:00
Manuel Pégourié-Gonnard
75f901006b Add len constants to certs.c 2015-03-27 09:56:18 +01:00
Manuel Pégourié-Gonnard
e960818735 Check return value of the TLS PRF 2015-03-26 11:47:47 +01:00
Manuel Pégourié-Gonnard
b7fcca33b9 Make tls1_prf and tls12_prf more efficient 
Repeatedly allocating a context and setting the key was a waste
 2015-03-26 11:41:28 +01:00
Manuel Pégourié-Gonnard
6890c6b64e Factor tls_prf_sha{256,384} together 2015-03-26 11:11:49 +01:00
Manuel Pégourié-Gonnard
147fa097e2 Reintroduce md_init_ctx compatibility wrapper 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
a77edade0c Clean up unneeded things 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281 Make hmac_ctx optional 
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
 2015-03-25 21:55:56 +01:00